← Back

CVE-2026-2097

nvd nist
Published: Feb 10, 2026Modified: Feb 13, 2026

JSON object

Loading...
8.7
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: twcert@cert.org.tw (Secondary)

Description

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Affected (1)

Products: Flowring: Agentflow
Flowring
1 product
Agentflow
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Agentflow
All versions

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

Source: twcert@cert.org.tw
Third Party Advisory
Source: twcert@cert.org.tw
Third Party Advisory

Timeline

No history available yet.